TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / TF-M / trusted-firmware-m / b9309b69b76b04fcdfe331fbd96d1fc5e040f85a / . / interface / include / mbedtls / aes.h
blob: d5eb1fd5c2c141dceea437c56a08e909eabdfa06 [file] [log] [blame]
Antonio de Angelis8bb98512024-01-16 14:13:36 +0000[diff] [blame]1/**
2 * \file aes.h
3 *
4 * \brief This file contains AES definitions and functions.
5 *
6 * The Advanced Encryption Standard (AES) specifies a FIPS-approved
7 * cryptographic algorithm that can be used to protect electronic
8 * data.
9 *
10 * The AES algorithm is a symmetric block cipher that can
11 * encrypt and decrypt information. For more information, see
12 * <em>FIPS Publication 197: Advanced Encryption Standard</em> and
13 * <em>ISO/IEC 18033-2:2006: Information technology -- Security
14 * techniques -- Encryption algorithms -- Part 2: Asymmetric
15 * ciphers</em>.
16 *
17 * The AES-XTS block mode is standardized by NIST SP 800-38E
18 * <https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-38e.pdf>
19 * and described in detail by IEEE P1619
20 * <https://ieeexplore.ieee.org/servlet/opac?punumber=4375278>.
21 */
22
23/*
24 * Copyright The Mbed TLS Contributors
25 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
26 */
27
28#ifndef MBEDTLS_AES_H
29#define MBEDTLS_AES_H
30#include "mbedtls/private_access.h"
31
32#include "mbedtls/build_info.h"
33#include "mbedtls/platform_util.h"
34
35#include <stddef.h>
36#include <stdint.h>
37
38/* padlock.c and aesni.c rely on these values! */
39#define MBEDTLS_AES_ENCRYPT 1 /**< AES encryption. */
40#define MBEDTLS_AES_DECRYPT 0 /**< AES decryption. */
41
42/* Error codes in range 0x0020-0x0022 */
43/** Invalid key length. */
44#define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH -0x0020
45/** Invalid data input length. */
46#define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH -0x0022
47
48/* Error codes in range 0x0021-0x0025 */
49/** Invalid input data. */
50#define MBEDTLS_ERR_AES_BAD_INPUT_DATA -0x0021
51
52#ifdef __cplusplus
53extern "C" {
54#endif
55
56#if !defined(MBEDTLS_AES_ALT)
57// Regular implementation
58//
59
60/**
61 * \brief The AES context-type definition.
62 */
63typedef struct mbedtls_aes_context {
64 int MBEDTLS_PRIVATE(nr); /*!< The number of rounds. */
65 size_t MBEDTLS_PRIVATE(rk_offset); /*!< The offset in array elements to AES
66 round keys in the buffer. */
67#if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) && !defined(MBEDTLS_PADLOCK_C)
68 uint32_t MBEDTLS_PRIVATE(buf)[44]; /*!< Aligned data buffer to hold
69 10 round keys for 128-bit case. */
70#else
71 uint32_t MBEDTLS_PRIVATE(buf)[68]; /*!< Unaligned data buffer. This buffer can
72 hold 32 extra Bytes, which can be used for
73 one of the following purposes:
74 <ul><li>Alignment if VIA padlock is
75 used.</li>
76 <li>Simplifying key expansion in the 256-bit
77 case by generating an extra round key.
78 </li></ul> */
79#endif /* MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH && !MBEDTLS_PADLOCK_C */
80}
81mbedtls_aes_context;
82
83#if defined(MBEDTLS_CIPHER_MODE_XTS)
84/**
85 * \brief The AES XTS context-type definition.
86 */
87typedef struct mbedtls_aes_xts_context {
88 mbedtls_aes_context MBEDTLS_PRIVATE(crypt); /*!< The AES context to use for AES block
89 encryption or decryption. */
90 mbedtls_aes_context MBEDTLS_PRIVATE(tweak); /*!< The AES context used for tweak
91 computation. */
92} mbedtls_aes_xts_context;
93#endif /* MBEDTLS_CIPHER_MODE_XTS */
94
95#else /* MBEDTLS_AES_ALT */
96#include "aes_alt.h"
97#endif /* MBEDTLS_AES_ALT */
98
99/**
100 * \brief This function initializes the specified AES context.
101 *
102 * It must be the first API called before using
103 * the context.
104 *
105 * \param ctx The AES context to initialize. This must not be \c NULL.
106 */
107void mbedtls_aes_init(mbedtls_aes_context *ctx);
108
109/**
110 * \brief This function releases and clears the specified AES context.
111 *
112 * \param ctx The AES context to clear.
113 * If this is \c NULL, this function does nothing.
114 * Otherwise, the context must have been at least initialized.
115 */
116void mbedtls_aes_free(mbedtls_aes_context *ctx);
117
118#if defined(MBEDTLS_CIPHER_MODE_XTS)
119/**
120 * \brief This function initializes the specified AES XTS context.
121 *
122 * It must be the first API called before using
123 * the context.
124 *
125 * \param ctx The AES XTS context to initialize. This must not be \c NULL.
126 */
127void mbedtls_aes_xts_init(mbedtls_aes_xts_context *ctx);
128
129/**
130 * \brief This function releases and clears the specified AES XTS context.
131 *
132 * \param ctx The AES XTS context to clear.
133 * If this is \c NULL, this function does nothing.
134 * Otherwise, the context must have been at least initialized.
135 */
136void mbedtls_aes_xts_free(mbedtls_aes_xts_context *ctx);
137#endif /* MBEDTLS_CIPHER_MODE_XTS */
138
139/**
140 * \brief This function sets the encryption key.
141 *
142 * \param ctx The AES context to which the key should be bound.
143 * It must be initialized.
144 * \param key The encryption key.
145 * This must be a readable buffer of size \p keybits bits.
146 * \param keybits The size of data passed in bits. Valid options are:
147 * <ul><li>128 bits</li>
148 * <li>192 bits</li>
149 * <li>256 bits</li></ul>
150 *
151 * \return \c 0 on success.
152 * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
153 */
154MBEDTLS_CHECK_RETURN_TYPICAL
155int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key,
156 unsigned int keybits);
157
158#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
159/**
160 * \brief This function sets the decryption key.
161 *
162 * \param ctx The AES context to which the key should be bound.
163 * It must be initialized.
164 * \param key The decryption key.
165 * This must be a readable buffer of size \p keybits bits.
166 * \param keybits The size of data passed. Valid options are:
167 * <ul><li>128 bits</li>
168 * <li>192 bits</li>
169 * <li>256 bits</li></ul>
170 *
171 * \return \c 0 on success.
172 * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
173 */
174MBEDTLS_CHECK_RETURN_TYPICAL
175int mbedtls_aes_setkey_dec(mbedtls_aes_context *ctx, const unsigned char *key,
176 unsigned int keybits);
177#endif /* !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */
178
179#if defined(MBEDTLS_CIPHER_MODE_XTS)
180/**
181 * \brief This function prepares an XTS context for encryption and
182 * sets the encryption key.
183 *
184 * \param ctx The AES XTS context to which the key should be bound.
185 * It must be initialized.
186 * \param key The encryption key. This is comprised of the XTS key1
187 * concatenated with the XTS key2.
188 * This must be a readable buffer of size \p keybits bits.
189 * \param keybits The size of \p key passed in bits. Valid options are:
190 * <ul><li>256 bits (each of key1 and key2 is a 128-bit key)</li>
191 * <li>512 bits (each of key1 and key2 is a 256-bit key)</li></ul>
192 *
193 * \return \c 0 on success.
194 * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
195 */
196MBEDTLS_CHECK_RETURN_TYPICAL
197int mbedtls_aes_xts_setkey_enc(mbedtls_aes_xts_context *ctx,
198 const unsigned char *key,
199 unsigned int keybits);
200
201/**
202 * \brief This function prepares an XTS context for decryption and
203 * sets the decryption key.
204 *
205 * \param ctx The AES XTS context to which the key should be bound.
206 * It must be initialized.
207 * \param key The decryption key. This is comprised of the XTS key1
208 * concatenated with the XTS key2.
209 * This must be a readable buffer of size \p keybits bits.
210 * \param keybits The size of \p key passed in bits. Valid options are:
211 * <ul><li>256 bits (each of key1 and key2 is a 128-bit key)</li>
212 * <li>512 bits (each of key1 and key2 is a 256-bit key)</li></ul>
213 *
214 * \return \c 0 on success.
215 * \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
216 */
217MBEDTLS_CHECK_RETURN_TYPICAL
218int mbedtls_aes_xts_setkey_dec(mbedtls_aes_xts_context *ctx,
219 const unsigned char *key,
220 unsigned int keybits);
221#endif /* MBEDTLS_CIPHER_MODE_XTS */
222
223/**
224 * \brief This function performs an AES single-block encryption or
225 * decryption operation.
226 *
227 * It performs the operation defined in the \p mode parameter
228 * (encrypt or decrypt), on the input data buffer defined in
229 * the \p input parameter.
230 *
231 * mbedtls_aes_init(), and either mbedtls_aes_setkey_enc() or
232 * mbedtls_aes_setkey_dec() must be called before the first
233 * call to this API with the same context.
234 *
235 * \param ctx The AES context to use for encryption or decryption.
236 * It must be initialized and bound to a key.
237 * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or
238 * #MBEDTLS_AES_DECRYPT.
239 * \param input The buffer holding the input data.
240 * It must be readable and at least \c 16 Bytes long.
241 * \param output The buffer where the output data will be written.
242 * It must be writeable and at least \c 16 Bytes long.
243
244 * \return \c 0 on success.
245 */
246MBEDTLS_CHECK_RETURN_TYPICAL
247int mbedtls_aes_crypt_ecb(mbedtls_aes_context *ctx,
248 int mode,
249 const unsigned char input[16],
250 unsigned char output[16]);
251
252#if defined(MBEDTLS_CIPHER_MODE_CBC)
253/**
254 * \brief This function performs an AES-CBC encryption or decryption operation
255 * on full blocks.
256 *
257 * It performs the operation defined in the \p mode
258 * parameter (encrypt/decrypt), on the input data buffer defined in
259 * the \p input parameter.
260 *
261 * It can be called as many times as needed, until all the input
262 * data is processed. mbedtls_aes_init(), and either
263 * mbedtls_aes_setkey_enc() or mbedtls_aes_setkey_dec() must be called
264 * before the first call to this API with the same context.
265 *
266 * \note This function operates on full blocks, that is, the input size
267 * must be a multiple of the AES block size of \c 16 Bytes.
268 *
269 * \note Upon exit, the content of the IV is updated so that you can
270 * call the same function again on the next
271 * block(s) of data and get the same result as if it was
272 * encrypted in one call. This allows a "streaming" usage.
273 * If you need to retain the contents of the IV, you should
274 * either save it manually or use the cipher module instead.
275 *
276 *
277 * \param ctx The AES context to use for encryption or decryption.
278 * It must be initialized and bound to a key.
279 * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or
280 * #MBEDTLS_AES_DECRYPT.
281 * \param length The length of the input data in Bytes. This must be a
282 * multiple of the block size (\c 16 Bytes).
283 * \param iv Initialization vector (updated after use).
284 * It must be a readable and writeable buffer of \c 16 Bytes.
285 * \param input The buffer holding the input data.
286 * It must be readable and of size \p length Bytes.
287 * \param output The buffer holding the output data.
288 * It must be writeable and of size \p length Bytes.
289 *
290 * \return \c 0 on success.
291 * \return #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
292 * on failure.
293 */
294MBEDTLS_CHECK_RETURN_TYPICAL
295int mbedtls_aes_crypt_cbc(mbedtls_aes_context *ctx,
296 int mode,
297 size_t length,
298 unsigned char iv[16],
299 const unsigned char *input,
300 unsigned char *output);
301#endif /* MBEDTLS_CIPHER_MODE_CBC */
302
303#if defined(MBEDTLS_CIPHER_MODE_XTS)
304/**
305 * \brief This function performs an AES-XTS encryption or decryption
306 * operation for an entire XTS data unit.
307 *
308 * AES-XTS encrypts or decrypts blocks based on their location as
309 * defined by a data unit number. The data unit number must be
310 * provided by \p data_unit.
311 *
312 * NIST SP 800-38E limits the maximum size of a data unit to 2^20
313 * AES blocks. If the data unit is larger than this, this function
314 * returns #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH.
315 *
316 * \param ctx The AES XTS context to use for AES XTS operations.
317 * It must be initialized and bound to a key.
318 * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or
319 * #MBEDTLS_AES_DECRYPT.
320 * \param length The length of a data unit in Bytes. This can be any
321 * length between 16 bytes and 2^24 bytes inclusive
322 * (between 1 and 2^20 block cipher blocks).
323 * \param data_unit The address of the data unit encoded as an array of 16
324 * bytes in little-endian format. For disk encryption, this
325 * is typically the index of the block device sector that
326 * contains the data.
327 * \param input The buffer holding the input data (which is an entire
328 * data unit). This function reads \p length Bytes from \p
329 * input.
330 * \param output The buffer holding the output data (which is an entire
331 * data unit). This function writes \p length Bytes to \p
332 * output.
333 *
334 * \return \c 0 on success.
335 * \return #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH if \p length is
336 * smaller than an AES block in size (16 Bytes) or if \p
337 * length is larger than 2^20 blocks (16 MiB).
338 */
339MBEDTLS_CHECK_RETURN_TYPICAL
340int mbedtls_aes_crypt_xts(mbedtls_aes_xts_context *ctx,
341 int mode,
342 size_t length,
343 const unsigned char data_unit[16],
344 const unsigned char *input,
345 unsigned char *output);
346#endif /* MBEDTLS_CIPHER_MODE_XTS */
347
348#if defined(MBEDTLS_CIPHER_MODE_CFB)
349/**
350 * \brief This function performs an AES-CFB128 encryption or decryption
351 * operation.
352 *
353 * It performs the operation defined in the \p mode
354 * parameter (encrypt or decrypt), on the input data buffer
355 * defined in the \p input parameter.
356 *
357 * For CFB, you must set up the context with mbedtls_aes_setkey_enc(),
358 * regardless of whether you are performing an encryption or decryption
359 * operation, that is, regardless of the \p mode parameter. This is
360 * because CFB mode uses the same key schedule for encryption and
361 * decryption.
362 *
363 * \note Upon exit, the content of the IV is updated so that you can
364 * call the same function again on the next
365 * block(s) of data and get the same result as if it was
366 * encrypted in one call. This allows a "streaming" usage.
367 * If you need to retain the contents of the
368 * IV, you must either save it manually or use the cipher
369 * module instead.
370 *
371 *
372 * \param ctx The AES context to use for encryption or decryption.
373 * It must be initialized and bound to a key.
374 * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or
375 * #MBEDTLS_AES_DECRYPT.
376 * \param length The length of the input data in Bytes.
377 * \param iv_off The offset in IV (updated after use).
378 * It must point to a valid \c size_t.
379 * \param iv The initialization vector (updated after use).
380 * It must be a readable and writeable buffer of \c 16 Bytes.
381 * \param input The buffer holding the input data.
382 * It must be readable and of size \p length Bytes.
383 * \param output The buffer holding the output data.
384 * It must be writeable and of size \p length Bytes.
385 *
386 * \return \c 0 on success.
387 */
388MBEDTLS_CHECK_RETURN_TYPICAL
389int mbedtls_aes_crypt_cfb128(mbedtls_aes_context *ctx,
390 int mode,
391 size_t length,
392 size_t *iv_off,
393 unsigned char iv[16],
394 const unsigned char *input,
395 unsigned char *output);
396
397/**
398 * \brief This function performs an AES-CFB8 encryption or decryption
399 * operation.
400 *
401 * It performs the operation defined in the \p mode
402 * parameter (encrypt/decrypt), on the input data buffer defined
403 * in the \p input parameter.
404 *
405 * Due to the nature of CFB, you must use the same key schedule for
406 * both encryption and decryption operations. Therefore, you must
407 * use the context initialized with mbedtls_aes_setkey_enc() for
408 * both #MBEDTLS_AES_ENCRYPT and #MBEDTLS_AES_DECRYPT.
409 *
410 * \note Upon exit, the content of the IV is updated so that you can
411 * call the same function again on the next
412 * block(s) of data and get the same result as if it was
413 * encrypted in one call. This allows a "streaming" usage.
414 * If you need to retain the contents of the
415 * IV, you should either save it manually or use the cipher
416 * module instead.
417 *
418 *
419 * \param ctx The AES context to use for encryption or decryption.
420 * It must be initialized and bound to a key.
421 * \param mode The AES operation: #MBEDTLS_AES_ENCRYPT or
422 * #MBEDTLS_AES_DECRYPT
423 * \param length The length of the input data.
424 * \param iv The initialization vector (updated after use).
425 * It must be a readable and writeable buffer of \c 16 Bytes.
426 * \param input The buffer holding the input data.
427 * It must be readable and of size \p length Bytes.
428 * \param output The buffer holding the output data.
429 * It must be writeable and of size \p length Bytes.
430 *
431 * \return \c 0 on success.
432 */
433MBEDTLS_CHECK_RETURN_TYPICAL
434int mbedtls_aes_crypt_cfb8(mbedtls_aes_context *ctx,
435 int mode,
436 size_t length,
437 unsigned char iv[16],
438 const unsigned char *input,
439 unsigned char *output);
440#endif /*MBEDTLS_CIPHER_MODE_CFB */
441
442#if defined(MBEDTLS_CIPHER_MODE_OFB)
443/**
444 * \brief This function performs an AES-OFB (Output Feedback Mode)
445 * encryption or decryption operation.
446 *
447 * For OFB, you must set up the context with
448 * mbedtls_aes_setkey_enc(), regardless of whether you are
449 * performing an encryption or decryption operation. This is
450 * because OFB mode uses the same key schedule for encryption and
451 * decryption.
452 *
453 * The OFB operation is identical for encryption or decryption,
454 * therefore no operation mode needs to be specified.
455 *
456 * \note Upon exit, the content of iv, the Initialisation Vector, is
457 * updated so that you can call the same function again on the next
458 * block(s) of data and get the same result as if it was encrypted
459 * in one call. This allows a "streaming" usage, by initialising
460 * iv_off to 0 before the first call, and preserving its value
461 * between calls.
462 *
463 * For non-streaming use, the iv should be initialised on each call
464 * to a unique value, and iv_off set to 0 on each call.
465 *
466 * If you need to retain the contents of the initialisation vector,
467 * you must either save it manually or use the cipher module
468 * instead.
469 *
470 * \warning For the OFB mode, the initialisation vector must be unique
471 * every encryption operation. Reuse of an initialisation vector
472 * will compromise security.
473 *
474 * \param ctx The AES context to use for encryption or decryption.
475 * It must be initialized and bound to a key.
476 * \param length The length of the input data.
477 * \param iv_off The offset in IV (updated after use).
478 * It must point to a valid \c size_t.
479 * \param iv The initialization vector (updated after use).
480 * It must be a readable and writeable buffer of \c 16 Bytes.
481 * \param input The buffer holding the input data.
482 * It must be readable and of size \p length Bytes.
483 * \param output The buffer holding the output data.
484 * It must be writeable and of size \p length Bytes.
485 *
486 * \return \c 0 on success.
487 */
488MBEDTLS_CHECK_RETURN_TYPICAL
489int mbedtls_aes_crypt_ofb(mbedtls_aes_context *ctx,
490 size_t length,
491 size_t *iv_off,
492 unsigned char iv[16],
493 const unsigned char *input,
494 unsigned char *output);
495
496#endif /* MBEDTLS_CIPHER_MODE_OFB */
497
498#if defined(MBEDTLS_CIPHER_MODE_CTR)
499/**
500 * \brief This function performs an AES-CTR encryption or decryption
501 * operation.
502 *
503 * Due to the nature of CTR, you must use the same key schedule
504 * for both encryption and decryption operations. Therefore, you
505 * must use the context initialized with mbedtls_aes_setkey_enc()
506 * for both #MBEDTLS_AES_ENCRYPT and #MBEDTLS_AES_DECRYPT.
507 *
508 * \warning You must never reuse a nonce value with the same key. Doing so
509 * would void the encryption for the two messages encrypted with
510 * the same nonce and key.
511 *
512 * There are two common strategies for managing nonces with CTR:
513 *
514 * 1. You can handle everything as a single message processed over
515 * successive calls to this function. In that case, you want to
516 * set \p nonce_counter and \p nc_off to 0 for the first call, and
517 * then preserve the values of \p nonce_counter, \p nc_off and \p
518 * stream_block across calls to this function as they will be
519 * updated by this function.
520 *
521 * With this strategy, you must not encrypt more than 2**128
522 * blocks of data with the same key.
523 *
524 * 2. You can encrypt separate messages by dividing the \p
525 * nonce_counter buffer in two areas: the first one used for a
526 * per-message nonce, handled by yourself, and the second one
527 * updated by this function internally.
528 *
529 * For example, you might reserve the first 12 bytes for the
530 * per-message nonce, and the last 4 bytes for internal use. In that
531 * case, before calling this function on a new message you need to
532 * set the first 12 bytes of \p nonce_counter to your chosen nonce
533 * value, the last 4 to 0, and \p nc_off to 0 (which will cause \p
534 * stream_block to be ignored). That way, you can encrypt at most
535 * 2**96 messages of up to 2**32 blocks each with the same key.
536 *
537 * The per-message nonce (or information sufficient to reconstruct
538 * it) needs to be communicated with the ciphertext and must be unique.
539 * The recommended way to ensure uniqueness is to use a message
540 * counter. An alternative is to generate random nonces, but this
541 * limits the number of messages that can be securely encrypted:
542 * for example, with 96-bit random nonces, you should not encrypt
543 * more than 2**32 messages with the same key.
544 *
545 * Note that for both strategies, sizes are measured in blocks and
546 * that an AES block is 16 bytes.
547 *
548 * \warning Upon return, \p stream_block contains sensitive data. Its
549 * content must not be written to insecure storage and should be
550 * securely discarded as soon as it's no longer needed.
551 *
552 * \param ctx The AES context to use for encryption or decryption.
553 * It must be initialized and bound to a key.
554 * \param length The length of the input data.
555 * \param nc_off The offset in the current \p stream_block, for
556 * resuming within the current cipher stream. The
557 * offset pointer should be 0 at the start of a stream.
558 * It must point to a valid \c size_t.
559 * \param nonce_counter The 128-bit nonce and counter.
560 * It must be a readable-writeable buffer of \c 16 Bytes.
561 * \param stream_block The saved stream block for resuming. This is
562 * overwritten by the function.
563 * It must be a readable-writeable buffer of \c 16 Bytes.
564 * \param input The buffer holding the input data.
565 * It must be readable and of size \p length Bytes.
566 * \param output The buffer holding the output data.
567 * It must be writeable and of size \p length Bytes.
568 *
569 * \return \c 0 on success.
570 */
571MBEDTLS_CHECK_RETURN_TYPICAL
572int mbedtls_aes_crypt_ctr(mbedtls_aes_context *ctx,
573 size_t length,
574 size_t *nc_off,
575 unsigned char nonce_counter[16],
576 unsigned char stream_block[16],
577 const unsigned char *input,
578 unsigned char *output);
579#endif /* MBEDTLS_CIPHER_MODE_CTR */
580
581/**
582 * \brief Internal AES block encryption function. This is only
583 * exposed to allow overriding it using
584 * \c MBEDTLS_AES_ENCRYPT_ALT.
585 *
586 * \param ctx The AES context to use for encryption.
587 * \param input The plaintext block.
588 * \param output The output (ciphertext) block.
589 *
590 * \return \c 0 on success.
591 */
592MBEDTLS_CHECK_RETURN_TYPICAL
593int mbedtls_internal_aes_encrypt(mbedtls_aes_context *ctx,
594 const unsigned char input[16],
595 unsigned char output[16]);
596
597#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
598/**
599 * \brief Internal AES block decryption function. This is only
600 * exposed to allow overriding it using see
601 * \c MBEDTLS_AES_DECRYPT_ALT.
602 *
603 * \param ctx The AES context to use for decryption.
604 * \param input The ciphertext block.
605 * \param output The output (plaintext) block.
606 *
607 * \return \c 0 on success.
608 */
609MBEDTLS_CHECK_RETURN_TYPICAL
610int mbedtls_internal_aes_decrypt(mbedtls_aes_context *ctx,
611 const unsigned char input[16],
612 unsigned char output[16]);
613#endif /* !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */
614
615#if defined(MBEDTLS_SELF_TEST)
616/**
617 * \brief Checkup routine.
618 *
619 * \return \c 0 on success.
620 * \return \c 1 on failure.
621 */
622MBEDTLS_CHECK_RETURN_CRITICAL
623int mbedtls_aes_self_test(int verbose);
624
625#endif /* MBEDTLS_SELF_TEST */
626
627#ifdef __cplusplus
628}
629#endif
630
631#endif /* aes.h */